Solved

Splunk - receiving data from univ. forwarder

Posted on 2015-01-11
7
140 Views
Last Modified: 2015-01-25
Hey experts! I am evaluating Splunk for a client. I have deployed the server piece and installed the universal forwarder onto a few Windows servers. I noticed the logs from these servers appeared to not be showing in search results.

I checked the splunkd file and the last line shows a successful connection to the Splunk server. During the install wizard of the univ forwarder, I just accepted the defaults.

Is there a configuration piece I am missing?
0
Comment
Question by:Schuyler Dorsey
  • 5
  • 2
7 Comments
 
LVL 10

Author Comment

by:Schuyler Dorsey
Comment Utility
FYI the Univ. Forwarder sends the App, System and Security logs by default.
0
 
LVL 10

Author Comment

by:Schuyler Dorsey
Comment Utility
I have an index created for wineventlog and msad. Just accepted defaults for these.
0
 
LVL 10

Author Comment

by:Schuyler Dorsey
Comment Utility
I think I got it. After rebooting the indexer, some logs are appearing in search results. Will monitor to confirm resolution.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 61

Expert Comment

by:btan
Comment Utility
if you check the output.conf comments, it stated "# You must restart Splunk to enable configurations."

http://docs.splunk.com/Documentation/Splunk/6.2.1/Admin/Outputsconf

also it stated restart forwarder for some configuration changes.

http://docs.splunk.com/Documentation/Splunk/6.2.1/Forwarding/Deploymentoverview#General_configuration_issues
0
 
LVL 10

Accepted Solution

by:
Schuyler Dorsey earned 0 total points
Comment Utility
I fixed this by adjusting my inputs.conf. My stanzas had an error in them.
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
thanks for sharing hope my post has help though
0
 
LVL 10

Author Closing Comment

by:Schuyler Dorsey
Comment Utility
Correct answer.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
By this time the large percentage of day-to-day transactions have shifted to mobile banking; here are some overriding areas QAs must investigate while testing mobile banking apps.  
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now